List,
I've been working on a method to parse a PDF or TXT document and
output the results to XML over at Experts Exchange.
http://www.experts-exchange.com/Programming/Languages/Scripting/Perl/Q_24439630.html
You may view the attached document or if the mailing list doesn't
allow here is a copy of
On Wed, May 27, 2009 at 6:27 PM, Stephen Reese wrote:
> List,
>
> I've been working on a method to parse a PDF or TXT document and
> output the results to XML over at Experts Exchange.
> http://www.experts-exchange.com/Programming/Languages/Scripting/Perl/Q_24439630.html
I found a Perl script that parses Cisco ACL logging format and I would
like to modify it to parse the IPS format that Cisco uses. I have made
changes to the expression that picks up the Rule and the script still
runs but there isn't any useful output. Any recommendations would be
great.
Here's wha
I am working on modifying a script that previously parsed Cisco ACLs
and changing it to parse IPS information.
Here is an example of the two log formats.
Sep 19 15:44:29 172.16.2.1 59800: 3725router: Sep 19 19:44:39: %SEC-6-
IPACCESSLOGP: list 104 denied udp 93.144.187.255(13157) ->
68.156.63.11
ast };
printf ("%6s:%s\n", $quad{$i},$i);
}
$n=0;
printf "\nDestination Port Summary:\n";
foreach my $i ( sort { $port{$b} <=> $port{$a} } keys %port) {
if ($n++ >= $ntop) { last };
printf ("%6s: %s\n", $port{$i},$i);
}
$n=0;
printf "\nSource Ad
> John is right.
> You should always 'use strict' at the beginning of the scripts.
> Here you didn't declare the variables, so you got the errors.
> You could declare them with:
> my $x = ...;
> my $foo = ...;
>
> For Perl's variable scope, see this:
> http://perl.plover.com/FAQs/Namespaces.html
>
Jef
y" first before you use them. With respect to your reply below, it
> doesn't matter whether you gave it a value of 0 or some other value...there
> is no rule on what an initial value should be...whatever fits your
> situation. But, you need to declare it.
>
> Ray
>
>
John,
I made many of the changes but what is the addition of the 'next' statement
for? I tried to add the additional code but the script dies mentioning that
it is not terminated correctly. If I comment out the next statement the
script runs fine.
#!/usr/bin/perl
#
use warnings;
use strict;
# S
[snip]
>
> #next unless /IPACCESSLOGP: list $acl denied ([tcpud]+)
> ([0-9.]+)\([0-9]+\)\s*->\s*([0-9.]+)\(([0-9]+)\), ([0-9]+) \;
>
next unless /IPACCESSLOGP: list $acl denied ([tcpud]+) ([0-9.]+)\
([0-9]+\)\s*->\s*([0-9.]+)\(([0-9]+)\), ([0-9]+) /;
Thanks Ron that worked. What is the 'next' stat
> In your original post you presented *two* *separate* scripts and I
> commented on both scripts, and now you are combining parts of both
> scripts which is why you seem to be confused.
>
> Hint: The "next unless //;" was a replacement for the "if (//) {}"
> block.
John, originally I was trying t
I'm looking to increase the count $x every time a match is made for
the regex. Though I'm not having any luck nor am I receiving any
errors. I'm missing something, it seems $x++ would increase $x since
it starts at 0 by default?
http://www.doulos.com/knowhow/perl/quick_start/
my ( %srca );
my $x;
> Hello Stephen,
>
> I think the problem might be with your regular expression and not $x.
>
> If your regular expression does not match the current line then every line
> will be skipped.
>
> What does the line that is being processed look like?
>
> Dave
Here are two lines from the log file.
Sep
> I just copied over your code and noticed that the end of
> your regular expression (the "/" character) runs across a
> newline. Once I moved that back up to this:
>
> next unless
> /Sig:\s*(\d+)\s+Subsig:\s*(\d+)\s+Sev:\s*(\d+)([^\[]+)\[([\d\.]+):(\d+)
> \s*->\s*([\d\.]+):(\d+)/;
>
> $x is incr
> It appears that there is a space (' ') character at the end of the
> pattern where there should be a ']' character.
John, I'm missing where the closing bracket should go.
while () {
next unless
/Sig:\s*(\d+)\s+Subsig:\s*(\d+)\s+Sev:\s*(\d+)([^\[]+)\[([\d\.]+):(\d+)\s*->
\s*([\d\.]+):(\d
> printf() (as seen three lines down) has a format string and a list of
> values corresponding to the % escapes in that string. Because you are
> using a string literal you should use print() instead.
>
> > foreach my $i (sort { $quad{$b} <=> $quad{$a} } keys %quad) {
> > if ($n++ >= $ntop) {
> Have a look at the sample data you posted and you will see where.
>
>
> John
I believe I found where the ']' needs to go but didn't see any extra ' '
space.
The $x count seems off. As I see it every time a regex match is made then $x
will increase one. The match numbers results are about 5x g
> I don't see where you're printing $x to check.
Jay, I probably was not and do not know how to :-).
> Assuming you have actually checked $x, though, the important question
> isn't whether $x == `grep -c regex /your/log/file`.
>
> The important question is whether $x == scalar keys %srca.
>
> If
> I don't understand why you're /adding/ the match count $x to the hash value
> each
> time. Is that why you're getting values that you don't expect?
>
> If the first column of your output is supposed to be a count (for that source
> address, connection, or port) then you should be adding one each